VPN frequently asked questions

Document Sample
VPN frequently asked questions Powered By Docstoc
					IS1507 VPN: frequently asked questions                                               Page 1 of 3




VPN: frequently asked                                                                User Guide
                                                                                        IS1507

questions
This document answers some frequently asked questions about
the VPN service



General

Is there a mailing list or newsgroup for users of the VPN?

        Yes. You can subscribe to the newsgroup at:

        http://uonlists.nottingham.ac.uk/mailman/listinfo/nott-vpn

        There is also a mailing list for users. You can get information about using it by
        sending a message with just the word “help” as subject or in the body, to nott-vpn-
        request@nottingham.ac.uk

        This mailing list is intended to allow users of the VPN to share information and
        experiences.

Software installation

"An application has changed settings. A new Winsock LSP has been added." is
reported by the Microsoft Anti-Spyware application during the VPN Client
installation. Is this a problem?

        No – Choose the option to ignore this – or disable the application during the
        installation.

"The VPN client cannot be installed if the Windows IPSec Policy Agent is enabled
. . . Do you want the installer to disable the IPSec Policy Agent?"

        Choose "Yes" to disable the agent and to proceed with the installation.


Client configuration

Is split-tunnelling permitted?

        Partially. Split-tunnelling is permitted only for your local LAN. This feature is
        useful for users who want to access devices on their local network, such as
        printers, while they are connected to the UoN network. This feature is disabled by
        default. To enable it, right-click on the connection entry, select “Modify …” from


                                                                         Last review: 29 Jan 09
   Printed on recycled paper                                             Next review: 29 Jan 10
IS1507 VPN: frequently asked questions                                              Page 2 of 3


        the context menu, click on the “Transport” tab and tick the box labelled “Allow
        Local LAN Access”.




        This feature should only be enabled in a secure environment. In an insecure
        environment (for example, in a hotel) this feature should be disabled.


Firewall and Router configuration

Configuring Microsoft ISA Server 2000

        See MS Article 812076 http://support.microsoft.com/default.aspx?scid=kb;en-
        us;812076

Configuring ZoneAlarm

         Open ZoneAlarm.
         Select the Firewall option.
         On the Main tab, verify that the "Trusted Zone" security setting is set to medium.
         On the Zones tab, click Add, then IP Address. Select "IP address" from the list of
          options.
         To add the VPN server to your Trusted zone, enter the IP address 128.243.80.3.
         Add a description of this entry. "UoN VPN" is recommended.
         Click OK.


Operational issues

Screen savers, hibernation/sleep mode, and the VPN software

        On several operating systems, the Cisco VPN client will have problems when the
        system engages a screen saver, goes into hibernation, or goes into sleep mode.
        This is because the VPN client expects to have constant communication with the
        server. When the system goes into a state of lower activity, some hardware devices
        can also be put into standby, including wireless and Ethernet cards. If this is done,



                                                                        Last review: 29 Jan 09
   Printed on recycled paper                                            Next review: 29 Jan 10
IS1507 VPN: frequently asked questions                                               Page 3 of 3


        it interrupts the network connection the VPN client is using to communicate with
        the server.

        On Windows, some network cards are put into standby when a screen saver
        engages or hibernation starts. The VPN client often becomes unable to
        communicate with the server even after the screen saver or hibernation is ended
        and normal network card activity resumes. Stopping and restarting the client will
        not solve the problem; you will need to reboot the system in order to be able to
        connect correctly again. You should always log out of the VPN client software and
        exit it before letting your system go into screen saver or hibernation mode.

Why is my VPN session disconnecting unexpectedly with the message "Remote
peer has terminated connection"?

        There are two types of Time-Out set for a user session. Idle-Timeout is set to 30
        minutes; this time-out disconnects a user session if no activity occurred within that
        period. Maximum Session-Timeout is set to 3 hours; this will disconnect a user
        session that exceeds 3 hours.

How can I tell what address was assigned to me after establishing a VPN Client
connection to a VPN Concentrator?

        The VPN Client icon on the taskbar lets you view the status of your private
        network connection. Right-click the icon and select Status from the pop-up menu.
        On the Status screen, you can see the Client IP address and the Server IP address.

Do I still need my own Internet connection for establishing VPN connectivity?

        Yes. The VPN software does not provide Internet access. Instead, the software
        uses your existing Internet connection through your internet service provider (ISP)
        to create a VPN tunnel to the UoN campus network. However, you can setup your
        VPN Client to automatically start your ISP dial-up program whenever you establish
        VPN connectivity. See the VPN Client software manual (supplied as part of the
        bundle) for how to do this.

My AOL 7.0 or 8.0 connection drops when I connect to the VPN. What can I do?

        The VPN Client will not work with AOL 7.0 or 8.0.

        When connected to the VPN, AOL disconnects after few seconds. This happens
        because of a "connection keepalive" sent by AOL. When connected to the VPN, the
        AOL server doesn't recognize that the connection is now being sent through the
        VPN, and is led to believe that the machine is no longer connected to its network.
        Since it no longer sees the client, it disconnects the session. This is expected
        behaviour from AOL connected clients. AOL does not claim to provide any support
        for VPN on their infrastructure. Use a different ISP if you need to connect to the
        UoN VPN. See 46RN Page 21 for AOL caveats.

I have multiple computers behind a router/firewall at home and want to use the
VPN client on both of them. Will this work?

        No. The VPN concentrator has been configured to allow only one session per user.




                                                                         Last review: 29 Jan 09
   Printed on recycled paper                                             Next review: 29 Jan 10

				
DOCUMENT INFO